Blog

Recent CCleaner Hack Could Have Spread Malware To Millions

You’ve probably heard of the popular app, “CCleaner.” Owned by Avast, this handy utility boasts more than two billion downloads and currently has more than two million active users. As the name suggests, the program cleans the “crud” off your hard drive so that your computer will run faster and more efficiently, and it’s very good at its job.

Unfortunately, as this recent incident reminds everyone, no company is immune to hacking, not even companies that make antivirus software.

In this case, the app’s code was hijacked with code that would have allowed it to spread malware to anyone who used the tool, and it was designed to send a variety of user data back to the hackers who inserted the code, including:

• The MAC addresses of the first three network adapters
• A comprehensive list of all processes your machine is running
• A complete list of all the software you’ve got installed, including which Windows updates you’ve installed
• Your computer name
• And more

An investigation into the matter is ongoing, but a spokesman from parent company Avast wanted to make two things clear to the program’s user base:

Firstly, although the code was clearly inserted with the intention of using CCleaner to distribute malware, there’s no evidence that any has been delivered via this channel. The developers caught wind of the change quickly and moved to shut it down before it could be used.

Secondly, although there’s no way of knowing if any user data was coopted by the hackers via their code, even if some data was stolen, it was likely encrypted, and would be nigh on impossible for the hackers to make use of.

Even so, it’s an embarrassing turn of events for a company on the front line in the ongoing battle to prevent such things from occurring in the first place.

If you downloaded CCleaner version 5.33 between Aug. 15 and Sept. 12 of this year, delete the file and grab a new copy from the company’s website today. The latest version has had the offending code removed.